Insider threat is the potential for an insider to use their privileged access and understanding of an organization to mistreat that organization. An insider can be an employee, an organization member, an associate, a business partner, and a person who is knowledgeable about organizational strengths and business strategy.

There are different types of insider threats: unintentional threat, intentional threat, and a mole. Regardless of the intent, the end result is compromised confidentiality, availability, and integrity (CIA) of corporate networks and data. Insider threats present in different ways: cyber espionage, sabotage, theft, and etc. Unfortunately, traditional information security strategies and procedures focus on external threats. This indeed leaves the organization susceptible to cyberattacks from within.

Insider threat statistics you need to know in 2021

1. 45% of employees download, save or send work-related files before they leave their job.

2. Nearly 78% of IT leaders believe their company is at a bigger risk of insider threats if their company implements a permanent hybrid working culture.

3. Every year, more than 34% of businesses globally are affected by insider threats.

4. Between 2018 and 2020, there was a 47% increase in the volume of incidents involving insider threats which includes malicious data exfiltration and accidental data loss.

5. 55% of organizations say that privileged users are their biggest insider threat risk.

6. 38% of cybersecurity experts perceive phishing as the biggest vulnerability among accidental insider threats.

7. Between March and July 2020, 43% of security incidents reported were caused by malicious insiders.

8. The average cost per incident due to the employee or contractor negligence was around 307.000 U.S. dollars whereas the cost of the incident due to criminal insider was over 755.000 U.S. dollars.

9. In 2020, negligent employees caused about 62% of security incidents, costing organizations an average of 307 million U.S. dollars per incident.

10. A 2019 survey by Fortinet revealed that fraud with 55%, monetary gains with 49%, and IP theft with 44% are the three most underlying reasons behind insider threats.

11. The average global cost of insider threat has increased 31% over the last 2 years, from 8.76 million U.S. dollars in 2018 to 11.45 billion U.S. dollars in 2020 and the largest chunk goes towards containment, remediation, incident response, and investigation.

12. A 2021 report by Cybersecurity Insiders found that 14% of organizations don’t monitor user behaviour at all, on;y 28% of organizations responded that they used automation to monitor user behaviour, 17% of organizations only monitor certain user activity under specific circumstances and 10% of firms only monitor user behaviour after an incident has happened.

13. Businesses in the United States encounter about 2500 internal security breaches daily.

14. More than 2 out of 3 insider threat incidents are caused by negligence.

15. Negligence-based insider threat incidents cost organizations an average of 3.8 million U.S. dollars each year.

16. Monitoring the movement of sensitive documents across the network was somewhat important to 86% of organizations.

17. Larger organizations with a workforce of 75000 and above spent an average of 18 million U.S. dollars on insider threat cases. Smaller organizations with a workforce of 500 or less spent 7.7 million U.S. dollars on the same cause.

18. 60% of organizations stated that managers with access to sensitive information are the top insider threat actors. This is followed by contractors and consultants with 57%, and regular employees with 51%.

19. In 2020, 60% of data breaches were from insiders.

20. 78% of organizations don’t believe that they have very solid processes in place when managing IT privileges, and only 22% feel that they are very effective in managing user privileges.

21. According to Insider Threat Report (2019), organizations considered their finance departments with 41%, customer success (35%), and research (33%) as the highest risk of insider threats.

22. The same report found that customer data takes the top spot as the data most vulnerable to insider attacks with 62%. This is followed by intellectual property with 56% and financial data with 52%.

23. In 2019, 68% of organizations realized that insider attacks have become more frequent over the last year. In fact, 67% have experienced one or more insider attacks within the last year.

24. 54% of organizations believed that the most important factor enabling insider attacks was the lack of employee awareness and training. Another key factor was inadequate data protection procedures (50%) and the proliferation of devices with access to sensitive data (49%).

25. Insider threats have a range of impacts on companies that range from operational disruption (61%) to a loss of critical data (43%).

26. 68% of organizations felt extremely vulnerable to insider threats in 2019. Only 6% said they were not at all vulnerable to an insider attack.

27. While all attack sources pose danger, 38% of organizations were more concerned about attacks originating from inside the organization.

28. Because insiders often have elevated access privileges to sensitive data and applications, 60% of companies found it to be increasingly difficult to detect malicious activity.

29. For 47% of organizations, the establishment of formal insider threat programs was typically driven by an information security governance program rather than a response to insider incidents.

30. The transformation towards cloud computing makes the detection of insider attacks more challenging, which was confirmed by 56% of cybersecurity experts.

31. For 49% of organizations the lack of budget and for 37% the lack of staff remained the critical barriers to better insider threat management.

32. A majority of organizations utilized some form of analytics to determine insider threats, including activity management and summary reports (30%) and data access and movement analytics (26%). One-third still didn’t use analytics to detect insider threats.

33. 50% of organizations stated that the most utilized tactic in combating insider threats in 2019 was user training. This is followed by dedicated information security governance programs to comprehensively tackle insider threats (41%) and user activity monitoring (37%).

34. The 3 most efficient security tools and tactics deployed by organizations to protect against insider threats was data loss prevention (54%), identity and access management (52%), and policies and training (49%).

35. Organizations were spending 60% more in 2020 than they spent three years ago, tackling all kinds of insider threats.

36. More than 7 in 10 organizations do not conduct end-to-end monitoring of data access and movement. Failing to do so creates risk and exposure to insider threats.

37. It was difficult to calculate the true cost of a major security breach, but 50% of organizations said that their estimate in 2020 was less than 100.000 U.S. dollars. 34% said they expected damages to be between 100.000 and 500.000 U.S. dollars.

38. 7 out of 10 organizations are concerned about user privacy when monitoring for insider threats. More than 4 in 10 said they didn’t have the insider threat tools to ensure compliance with the EU’s General Data Protection Regulation (GDPR) and other regulations.

39. In 2020, 58% of organizations considered themselves only somewhat effective when it comes to monitoring, detecting and responding to insider threats.

40. Organizations in North America experienced the highest average annual cost of insider threats at 13.3 million U.S. dollars. Followed by the Middle East at 11.65 million U.S. dollars. Europe’s cost amounted to almost 10 million U.S. dollars, while Asia-Pacific totalled nearly 7.9 million U.S. dollars.

41. In 2020, the sector that spent the most on measures against insider threats was the financial services sector with 14.50 million U.S. dollars. The services sector and the technology and software sector followed with 12.31 million and 12.30 million U.S. dollars, respectively.